How to remove x-powered-by header in .net core 2.0

As far as I know, the removal of these headers is facilitated with the Request Filtering module, which is part of IIS.

To remove a header, you need to have a web.config file stored on your site, with the following content:

<?xml version="1.0" encoding="utf-8"?><configuration>  <!-- To customize the asp.net core module uncomment and edit the following section.   For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->  <system.webServer>    <handlers>      <remove name="aspNetCore"/>      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>    </handlers>    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />    <httpProtocol>      <customHeaders>        <remove name="X-Powered-By" />      </customHeaders>    </httpProtocol>  </system.webServer></configuration>

Add this web.config to your net core application's root folder.

Then it will remove the x-powered-by header.

The result like this:

• In addition to @Brando Zhang answer, To remove "Server:Kestrel" from response header:

-.NET Core 1

 var host = new WebHostBuilder()        .UseKestrel(c => c.AddServerHeader = false)        .UseContentRoot(Directory.GetCurrentDirectory())        .UseIISIntegration()        .UseStartup<Startup>()        .Build();

-NET Core 2

WebHost.CreateDefaultBuilder(args)               .UseKestrel(c => c.AddServerHeader = false)               .UseStartup<Startup>()               .Build();

If you don't want to create a web.config file in a ASP.NET Core solution, you can remove the X-Powered-By header in IIS Manager.

Click on <ServerName> --> HTTP Response Headers --> X-Powered-By and choose the Remove action.

This will remove the header for all websites on that server. Which is fine because why would you want to share that info in the first place?